Security

The boring details that keep your recipes safe.

Family recipes shouldn't leak. Here's what we do — concretely — to keep them where they belong.

What we do

Encryption in transit

Every connection between your browser and our servers uses TLS 1.2+. We don't accept plain HTTP.

Encryption at rest

Your data lives in MongoDB Atlas with cluster-wide encryption at rest. Backups are encrypted with the same keys.

Access scoping at the database

Visibility (private / family / public) is enforced server-side on every read. The browser can't ask for what it isn't allowed to see.

Least-privilege service accounts

The application connects with a database user limited to the recipes_with_memories database — no cross-tenant access.

Patched, monitored, audited

Atlas patches the database. We monitor query logs for anomalies and rotate secrets quarterly.

Email security@example.com — encrypt with our PGP key if you can.
We acknowledge within 2 business days, with a fix-or-disclose plan within 14 days.
Coordinated disclosure only — please don't publish before the fix ships.

Last reviewed: April 2026